Jump to content

Rewrite loop. Losing the will to live.


Shutupquare

Recommended Posts

Hi all been banging my head against a wall on this one and looked at a lot of articles.

I'm trying to rewrite 3 sections of a wordpress site to https if they are accessed over http:

/cart/

/my-account/

/checkout/

As well as these rewrite's worpress has added a rewrite to remove index.php out of the url.

The index.php rewrite is about the only thing that is working.

here is my .htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (checkout|cart|my-account)
RewriteRule ^(.*)$ [url="https://%{SERVER_NAME}%{REQUEST_URI}"]https://%{SERVER_NAME}%{REQUEST_URI}[/url] [R=302,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

</IfModule>

# END WordPress

It redirects to the https but then gets stuck in a loop and the browser will complain of a loop. Any rewrite guru's in here.

Edited by Shutupquare
Link to comment
Share on other sites

Okay somthing strange happened when i posted the .htaccess here it is raw.

 

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

 

RewriteCond %{HTTPS} off

RewriteCond %{REQUEST_URI} (checkout|cart|my-account)

RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=302,L]

 

# BEGIN WordPress

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

 

</IfModule>

 

# END WordPress

Link to comment
Share on other sites

I'm probably just missing it but I don't see a loop [edit] unless you don't have SSL set up [/edit]. Where does the browser get redirected to?

 

Thanks for the reply,

 

It gets redirected to the https: version of the page but the page never shows as it complains about a loop.

 

if I run curl on the page to negate any caching problems

 

 

PS C:\Users\Stephen> C:\Users\Stephen\Downloads\curl-7.23.1-win64-ssl-sspi\curl.exe -k -i http://www.mysite.com/cart
HTTP/1.1 302 Found
Date: Wed, 20 Feb 2013 09:07:06 GMT
Server: Apache
Location: https://www.mysite.com/cart
Vary: Accept-Encoding
Content-Length: 285
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.mysite.com/cart">here</a>.</p>
<hr>
<address>Apache Server at www.mysite.com Port 80</address>
</body></html>

PS C:\Users\Stephen> C:\Users\Stephen\Downloads\curl-7.23.1-win64-ssl-sspi\curl.exe -k -i https://www.mysite.com/cart
HTTP/1.1 302 Found
Date: Wed, 20 Feb 2013 09:07:06 GMT
Server: Apache
Location: https://www.mysite.com/cart
Vary: Accept-Encoding
Content-Length: 285
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.mysite.com/cart">here</a>.</p>
<hr>
<address>Apache Server at www.mysite.com Port 80</address>
</body></html>

 

If I got to the http url I get rightfully redirected to the https url, but when I go to the https url I get redirected back to the https url again even though i'm already on it.

Link to comment
Share on other sites

Just tried it here is the results:

 

PS C:\Users\Stephen> C:\Users\Stephen\Downloads\curl-7.23.1-win64-ssl-sspi\curl.exe -k -i https://www.mysite.com/cart
HTTP/1.1 302 Found
Date: Wed, 20 Feb 2013 11:43:11 GMT
Server: Apache
Location: https://www.mysite.com/cart---off
Vary: Accept-Encoding
Content-Length: 291
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.mysite.com/cart---off">here</a>.</p>
<hr>
<address>Apache Server at www.mysite.com Port 80</address>
</body></html>

 

Cheers.

Link to comment
Share on other sites

That would certainly explain it. Look at $_SERVER["REMOTE_ADDR"]: if it's a LAN address like 10.* or 192.* then it's probably behind a proxy. (If not, it still could be.) Also $_SERVER["SERVER_PORT"] will be 80 for HTTP and 443 for HTTPS.

Edited by requinix
Link to comment
Share on other sites

It wouldn't break https if the proxy server was the one doing the ssl, Client connect securely to proxy, proxy connects insecurely to wordpress webserver. Sure the connection between proxy and webserver is insecure but it's internal and could even be on the same host. I don't think it would pass any PCI compliance checks though!

Link to comment
Share on other sites

I meant the proxy forging the IP address would break it.

 

[edit] Because then the web server would try to send traffic to that fake IP address (the client), except the client would receive HTTP data instead of the HTTPS it was expecting (assuming the proxy also set the source port to the client's). Don't know what would happen but there would certainly be some problems somewhere.

Edited by requinix
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.